Mercurial > kallithea
annotate rhodecode/bin/ldap_sync.py @ 3574:000653f7cdf9 beta
avoid displaying repr of internal classes in user facing messages
The context of the message will tell where the problem was and there is no reason to show
... does not exist for this repository <MercurialRepository at /home/marcink/repos/rhodecode>
| author | Mads Kiilerich <madski@unity3d.com> |
|---|---|
| date | Thu, 21 Mar 2013 11:17:01 +0100 |
| parents | 4358b1b9307d |
| children | f37d7514e7ab |
| rev | line source |
|---|---|
|
3556
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
1 # This program is free software: you can redistribute it and/or modify |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
2 # it under the terms of the GNU General Public License as published by |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
3 # the Free Software Foundation, either version 3 of the License, or |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
4 # (at your option) any later version. |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
5 # |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
6 # This program is distributed in the hope that it will be useful, |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
7 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
8 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
9 # GNU General Public License for more details. |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
10 # |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
11 # You should have received a copy of the GNU General Public License |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
12 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
13 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
14 import ldap |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
15 import urllib2 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
16 import uuid |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
17 import json |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
18 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
19 from ConfigParser import ConfigParser |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
20 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
21 config = ConfigParser() |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
22 config.read('ldap_sync.conf') |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
23 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
24 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
25 class InvalidResponseIDError(Exception): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
26 """ Request and response don't have the same UUID. """ |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
27 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
28 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
29 class RhodecodeResponseError(Exception): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
30 """ Response has an error, something went wrong with request execution. """ |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
31 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
32 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
33 class UserAlreadyInGroupError(Exception): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
34 """ User is already a member of the target group. """ |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
35 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
36 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
37 class UserNotInGroupError(Exception): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
38 """ User is not a member of the target group. """ |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
39 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
40 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
41 class RhodecodeAPI(): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
42 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
43 def __init__(self, url, key): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
44 self.url = url |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
45 self.key = key |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
46 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
47 def get_api_data(self, uid, method, args): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
48 """Prepare dict for API post.""" |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
49 return { |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
50 "id": uid, |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
51 "api_key": self.key, |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
52 "method": method, |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
53 "args": args |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
54 } |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
55 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
56 def rhodecode_api_post(self, method, args): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
57 """Send a generic API post to Rhodecode. |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
58 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
59 This will generate the UUID for validation check after the |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
60 response is returned. Handle errors and get the result back. |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
61 """ |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
62 uid = str(uuid.uuid1()) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
63 data = self.get_api_data(uid, method, args) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
64 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
65 data = json.dumps(data) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
66 headers = {'content-type': 'text/plain'} |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
67 req = urllib2.Request(self.url, data, headers) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
68 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
69 response = urllib2.urlopen(req) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
70 response = json.load(response) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
71 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
72 if uid != response["id"]: |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
73 raise InvalidResponseIDError("UUID does not match.") |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
74 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
75 if response["error"] != None: |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
76 raise RhodecodeResponseError(response["error"]) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
77 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
78 return response["result"] |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
79 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
80 def create_group(self, name, active=True): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
81 """Create the Rhodecode user group.""" |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
82 args = { |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
83 "group_name": name, |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
84 "active": str(active) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
85 } |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
86 self.rhodecode_api_post("create_users_group", args) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
87 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
88 def add_membership(self, group, username): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
89 """Add specific user to a group.""" |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
90 args = { |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
91 "usersgroupid": group, |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
92 "userid": username |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
93 } |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
94 result = self.rhodecode_api_post("add_user_to_users_group", args) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
95 if not result["success"]: |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
96 raise UserAlreadyInGroupError("User %s already in group %s." % |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
97 (username, group)) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
98 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
99 def remove_membership(self, group, username): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
100 """Remove specific user from a group.""" |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
101 args = { |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
102 "usersgroupid": group, |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
103 "userid": username |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
104 } |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
105 result = self.rhodecode_api_post("remove_user_from_users_group", args) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
106 if not result["success"]: |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
107 raise UserNotInGroupError("User %s not in group %s." % |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
108 (username, group)) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
109 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
110 def get_group_members(self, name): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
111 """Get the list of member usernames from a user group.""" |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
112 args = {"usersgroupid": name} |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
113 members = self.rhodecode_api_post("get_users_group", args)['members'] |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
114 member_list = [] |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
115 for member in members: |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
116 member_list.append(member["username"]) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
117 return member_list |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
118 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
119 def get_group(self, name): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
120 """Return group info.""" |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
121 args = {"usersgroupid": name} |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
122 return self.rhodecode_api_post("get_users_group", args) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
123 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
124 def get_user(self, username): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
125 """Return user info.""" |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
126 args = {"userid": username} |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
127 return self.rhodecode_api_post("get_user", args) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
128 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
129 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
130 class LdapClient(): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
131 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
132 def __init__(self, uri, user, key, base_dn): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
133 self.client = ldap.initialize(uri, trace_level=0) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
134 self.client.set_option(ldap.OPT_REFERRALS, 0) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
135 self.client.simple_bind(user, key) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
136 self.base_dn = base_dn |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
137 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
138 def __del__(self): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
139 self.client.unbind() |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
140 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
141 def get_groups(self): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
142 """Get all the groups in form of dict {group_name: group_info,...}.""" |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
143 searchFilter = "objectClass=groupOfUniqueNames" |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
144 result = self.client.search_s(self.base_dn, ldap.SCOPE_SUBTREE, |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
145 searchFilter) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
146 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
147 groups = {} |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
148 for group in result: |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
149 groups[group[1]['cn'][0]] = group[1] |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
150 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
151 return groups |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
152 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
153 def get_group_users(self, groups, group): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
154 """Returns all the users belonging to a single group. |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
155 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
156 Based on the list of groups and memberships, returns all the |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
157 users belonging to a single group, searching recursively. |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
158 """ |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
159 users = [] |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
160 for member in groups[group]["uniqueMember"]: |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
161 member = self.parse_member_string(member) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
162 if member[0] == "uid": |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
163 users.append(member[1]) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
164 elif member[0] == "cn": |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
165 users += self.get_group_users(groups, member[1]) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
166 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
167 return users |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
168 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
169 def parse_member_string(self, member): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
170 """Parses the member string and returns a touple of type and name. |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
171 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
172 Unique member can be either user or group. Users will have 'uid' as |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
173 prefix while groups will have 'cn'. |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
174 """ |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
175 member = member.split(",")[0] |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
176 return member.split('=') |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
177 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
178 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
179 class LdapSync(object): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
180 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
181 def __init__(self): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
182 self.ldap_client = LdapClient(config.get("default", "ldap_uri"), |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
183 config.get("default", "ldap_user"), |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
184 config.get("default", "ldap_key"), |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
185 config.get("default", "base_dn")) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
186 self.rhodocode_api = RhodecodeAPI(config.get("default", "api_url"), |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
187 config.get("default", "api_key")) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
188 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
189 def update_groups_from_ldap(self): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
190 """Add all the groups from LDAP to Rhodecode.""" |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
191 added = existing = 0 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
192 groups = self.ldap_client.get_groups() |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
193 for group in groups: |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
194 try: |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
195 self.rhodecode_api.create_group(group) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
196 added += 1 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
197 except Exception: |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
198 existing += 1 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
199 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
200 return added, existing |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
201 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
202 def update_memberships_from_ldap(self, group): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
203 """Update memberships in rhodecode based on the LDAP groups.""" |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
204 groups = self.ldap_client.get_groups() |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
205 group_users = self.ldap_client.get_group_users(groups, group) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
206 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
207 # Delete memberships first from each group which are not part |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
208 # of the group any more. |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
209 rhodecode_members = self.rhodecode_api.get_group_members(group) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
210 for rhodecode_member in rhodecode_members: |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
211 if rhodecode_member not in group_users: |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
212 try: |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
213 self.rhodocode_api.remove_membership(group, |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
214 rhodecode_member) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
215 except UserNotInGroupError: |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
216 pass |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
217 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
218 # Add memberships. |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
219 for member in group_users: |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
220 try: |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
221 self.rhodecode_api.add_membership(group, member) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
222 except UserAlreadyInGroupError: |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
223 # TODO: handle somehow maybe.. |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
224 pass |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
225 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
226 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
227 if __name__ == '__main__': |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
228 sync = LdapSync() |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
229 print sync.update_groups_from_ldap() |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
230 |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
231 for gr in sync.ldap_client.get_groups(): |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
232 # TODO: exception when user does not exist during add membership... |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
233 # How should we handle this.. Either sync users as well at this step, |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
234 # or just ignore those who don't exist. If we want the second case, |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
235 # we need to find a way to recognize the right exception (we always get |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
236 # RhodecodeResponseError with no error code so maybe by return msg (?) |
|
4358b1b9307d
added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
237 sync.update_memberships_from_ldap(gr) |